Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update HMAC SHA #197

Closed
capegreg opened this issue Jan 8, 2024 · 4 comments · Fixed by #198
Closed

Update HMAC SHA #197

capegreg opened this issue Jan 8, 2024 · 4 comments · Fixed by #198

Comments

@capegreg
Copy link

capegreg commented Jan 8, 2024

Can SHA in GenerateHashedCode be updated from HMACSHA1 to HMACSHA256?
@ahwm ahwm mentioned this issue Jan 9, 2024
Merged
@ahwm
Copy link
Collaborator

ahwm commented Jan 9, 2024

This is in progress, but as noted on #198 a number of popular OTP apps don't support SHA256 including: Microsoft Authenticator and Authy so it's probably not recommended unless you can control the apps being used to some extent.

Given the location where the HMAC is generated there doesn't appear to be a big push or concern (it's only used to generate the time codes).

@capegreg
Copy link
Author

Understood and agree with you regarding its isolated use. Interesting that some OTP apps don't support SHA256 yet. Microsoft Authenticator is one of my supported OTP apps. Thank you, Adam.

@capegreg
Copy link
Author

Closing issue.

@flytzen
Copy link
Collaborator

flytzen commented Jan 12, 2024

@capegreg FYI: @ahwm made the change and v 3.2 is on its way to Nuget with this added.

Thank you both.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added support for HMACSHA 256 and 512 BrandonPotter/GoogleAuthenticator
3 participants
@capegreg @flytzen @ahwm